Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Emilio,

On Thu, Nov 27, 2025 at 10:09:14AM +0100, Emilio Pozuelo Monfort wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: libssh@packages.debian.org
> Control: affects -1 + src:libssh
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> [ Reason ]
> This update fixes various CVEs of minor severity, tagged <no-dsa> by
> the Security Team.
> 
> [ Impact ]
> If this isn't approved, various (minor) client-side security issues will
> be left unfixed.
> 
> [ Tests ]
> Build tests, autopkgtests, rdeps autopkgtest (thanks to debusine, see [1]).
> Verified that the cryptsetup/amd64 failure is not a regression (fails with
> deb12u1 too), probably due to lack of permissions on the runner.
> 
> Some manual tests as well with libssh rdeps.
> 
> [ Risks ]
> Risk is small as the patches were easy to backport, and due to the tests.
> 
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
> 
> [ Other ]
> I have already uploaded the package to oldstable-new.

I noticed there is already the upload from Martin Pitt here:

https://release.debian.org/proposed-updates/bookworm_diffs/libssh_0.10.6-0+deb12u2.debdiff

but I did not found a corresponding release.d.o bug for it. Should
that one be rejected in favour of yours as you have two more patches
applied?

Regards,
Salvatore